Failed to provision volume with StorageClass efs with Forbidden error

Solution Unverified

Environment

  • Red Hat OpenShift Container Platform (RHOCP)
    • 4
  • Red Hat OpenShift Service on AWS (ROSA)
    • 4
  • Red Hat OpenShift Dedicated (OSD)
    • 4
  • AWS Elastic File System (EFS)
  • AWS Security Token Service (STS)
  • AWS EFS CSI Driver operator

Issue

  • PVC creation remains in the Pending state, and the following error is shown:

    failed to provision volume with StorageClass "efs-sc": rpc error: code = Internal desc = Failed to fetch File System info: Describe File System failed: RequestError: send request failed caused by: Get "https://elasticfilesystem.[region].amazonaws.com/2015-02-01/file-systems?FileSystemId=fs-xxxxxxxxxxxxxxxx": Forbidden
    

Resolution

Ensure that the permissions needed for working with AWS EFS are in place. Refer to the step "(For STS cluster only)(CLI only) Configure the Cloud credential and IAM role for Secure Token Service" in the AWS EFS CSI Driver Operator installation guide for OCP.
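One way to check an IAM policy document for the missing elasticfilesystem permissions before retrying the PVC. This is an added example, not code from this article or from the operator. The action list is an assumption based on the upstream EFS CSI driver's example policy (only DescribeFileSystems is implied by the error above), and the sample policies are constructed.

```python
import fnmatch

# Assumed action list (upstream EFS CSI driver example policy). The error in
# this article comes from the DescribeFileSystems call.
REQUIRED_ACTIONS = [
    "elasticfilesystem:DescribeFileSystems",
    "elasticfilesystem:DescribeAccessPoints",
    "elasticfilesystem:DescribeMountTargets",
    "elasticfilesystem:CreateAccessPoint",
    "elasticfilesystem:DeleteAccessPoint",
    "elasticfilesystem:TagResource",
]

# Constructed sample policies, not taken from a real account.
READ_ONLY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["elasticfilesystem:Describe*"], "Resource": "*"}]}
DENY_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "elasticfilesystem:*", "Resource": "*"},
    {"Effect": "Deny", "Action": "elasticfilesystem:DescribeFileSystems", "Resource": "*"}]}

def _as_list(value):
    # IAM allows Action/Statement to be a single value or a list.
    if value is None:
        return []
    return list(value) if isinstance(value, (list, tuple)) else [value]

def _matches(patterns, action):
    # IAM action names are case-insensitive and accept * and ? wildcards.
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def missing_actions(policy_doc, required=REQUIRED_ACTIONS):
    """Return required actions that are not allowed, or are explicitly denied.

    Simplification: Resource, Condition and NotAction are not evaluated, so a
    conditional Allow counts as allowed.
    """
    missing = []
    for action in required:
        effects = {st.get("Effect") for st in _as_list(policy_doc.get("Statement"))
                   if _matches(_as_list(st.get("Action")), action)}
        # An explicit Deny always wins over any Allow.
        if "Deny" in effects or "Allow" not in effects:
            missing.append(action)
    return missing

if __name__ == "__main__":
    for name, doc in (("read-only", READ_ONLY_POLICY), ("deny", DENY_POLICY)):
        print(name, "missing:", missing_actions(doc))
```

Pass it the PolicyDocument of the policy attached to the role the driver assumes, for example the document returned by `aws iam get-policy-version`.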

Root Cause

Permissions for elasticfilesystem are missing, which causes the Forbidden error.
